Implementing Traffic Flow through Azure Standard Load Balancer - Exam AZ-303
Question
You have 10 Azure virtual machines on a subnet named Subnet1. Subnet1 is on a virtual network named VNet1.
You plan to deploy a public Azure Standard Load Balancer named LB1 to the same Azure region as the 10 virtual machines.
You need to ensure that traffic from all the virtual machines to the internet flows through LB1. The solution must prevent the virtual machines from being accessible on the internet.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D. E. F.ABD
A: To allow the Load Balancer to monitor the status of your app, you use a health probe. The health probe dynamically adds or removes VMs from the Load
Balancer rotation based on their response to health checks.
B: To distribute traffic to the VMs, a backend address pool contains the IP addresses of the virtual (NICs) connected to the Load Balancer.
D: A Load Balancer rule is used to define how traffic is distributed to the VMs. Only outbound traffic is allowed.
https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-manage-portalTo ensure that traffic from the virtual machines to the internet flows through the public Azure Standard Load Balancer (LB1) and to prevent the virtual machines from being accessible on the internet, you should take the following actions:
Add the network interfaces of the virtual machines to the backend pool of LB1: To route traffic from the virtual machines to the internet through the load balancer, you need to add their network interfaces to the backend pool of the load balancer. This enables the load balancer to distribute traffic across the virtual machines.
Associate a network security group (NSG) to Subnet1: To prevent the virtual machines from being accessible on the internet, you can associate a network security group (NSG) to the subnet that contains the virtual machines. NSGs are a type of firewall that can filter network traffic based on source and destination IP address, port, and protocol.
Add an outbound rule to LB1: To ensure that traffic from the virtual machines to the internet flows through LB1, you need to add an outbound rule to the load balancer. The outbound rule specifies that all traffic leaving the backend pool should use the public IP address of the load balancer as the source IP address. This ensures that traffic is routed through the load balancer and that the virtual machines are not accessible on the internet.
Therefore, the correct answers are B, E, and D:
- Add the network interfaces of the virtual machines to the backend pool of LB1 (B)
- Associate a network security group (NSG) to Subnet1 (E)
- Add an outbound rule to LB1 (D)
Answers A, C, and F are not required to achieve the desired outcome:
- Add health probes to LB1 (A): Health probes are used to monitor the health of the backend pool instances. Although adding health probes can help to ensure that LB1 is directing traffic to healthy instances, they are not necessary for routing traffic from the virtual machines to the internet through LB1.
- Add an inbound rule to LB1 (C): Inbound rules are used to control traffic coming into the load balancer. However, since the goal is to route traffic from the virtual machines to the internet through the load balancer and prevent the virtual machines from being accessible on the internet, an inbound rule is not necessary.
- Associate a user-defined route to Subnet1 (F): User-defined routes are used to control traffic routing between subnets or virtual networks. However, since the goal is to route traffic from the virtual machines to the internet through the load balancer and prevent the virtual machines from being accessible on the internet, a user-defined route is not necessary.
